Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'UserFaultCheck' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 'Btmchk' = '{0199F9E2-CEE1-4358-8B28-DDC6CFA77EE6}'
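- [<HKLM>\SYSTEM\ControlSet001\Control\Print\Providers\evl] 'Name' = '%TEMP%\Adobe\AdobeRdrPlug.dll' (DLL из %TEMP% регистрируется как провайдер печати; библиотеки провайдеров печати загружает служба диспетчера печати spoolsv.exe)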
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\spoolsv.exe
- %WINDIR%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20110704-105431-00.mdmp
- %WINDIR%\pchealth\ERRORREP\UserDumps\spoolsv.exe.20110704-105431-00.hdmp
- %CommonProgramFiles%\winafx.log
- %TEMP%\Adobe\AdobeRdrPlug.dll
- C:\spoolerlogs\spooler.xml
- из <Полный путь к вирусу> в <Текущая директория>\err.log
- 'ea##cvc.com':80 (символ «#» недопустим в DNS-именах — часть имени домена в отчёте, по-видимому, замаскирована)
- ea##cvc.com/form/xgate.php
- DNS ASK ea##cvc.com
- ClassName: '' WindowName: 'Spooler SubSystem App'